lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <174621296673.22196.7605277890848696857.tip-bot2@tip-bot2>
Date: Fri, 02 May 2025 19:09:26 -0000
From:
 tip-bot2 for Thomas Weißschuh <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: thomas.weissschuh@...utronix.de, Thomas Gleixner <tglx@...utronix.de>,
 x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [tip: timers/urgent] vdso: Reject absolute relocations during build

The following commit has been merged into the timers/urgent branch of tip:

Commit-ID:     7aeb1538be5df3efa1d799e5428ac3a0ae802293
Gitweb:        https://git.kernel.org/tip/7aeb1538be5df3efa1d799e5428ac3a0ae802293
Author:        Thomas Weißschuh <thomas.weissschuh@...utronix.de>
AuthorDate:    Wed, 30 Apr 2025 11:20:14 +02:00
Committer:     Thomas Gleixner <tglx@...utronix.de>
CommitterDate: Fri, 02 May 2025 20:57:11 +02:00

vdso: Reject absolute relocations during build

All vDSO code needs to be completely position independent.
Symbol references are marked as hidden so the compiler emits
PC-relative relocations. However there are cases where the compiler may
still emit absolute relocations, as they are valid in regular PIC DSO code.
These would be resolved by the linker and will break at runtime.

Introduce a build-time check for absolute relocations.
The check is done on the object files as the relocations will not exist
anymore in the final DSO. As there is no extension point for the
compilation of each object file, perform the validation in vdso_check.

Debug information can contain legal absolute relocations and readelf can
not print relocations from the .text section only. Make use of the fact
that all global vDSO symbols follow the naming pattern "vdso_u_".

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Link: https://lore.kernel.org/all/20250430-vdso-absolute-reloc-v2-2-5efcc3bc4b26@linutronix.de
Link: https://lore.kernel.org/lkml/aApGPAoctq_eoE2g@t14ultra/
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=120002
---
 lib/vdso/Makefile.include | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/vdso/Makefile.include b/lib/vdso/Makefile.include
index cedbf15..04257d0 100644
--- a/lib/vdso/Makefile.include
+++ b/lib/vdso/Makefile.include
@@ -12,7 +12,13 @@ c-getrandom-$(CONFIG_VDSO_GETRANDOM) := $(addprefix $(GENERIC_VDSO_DIR), getrand
 #
 # As a workaround for some GNU ld ports which produce unneeded R_*_NONE
 # dynamic relocations, ignore R_*_NONE.
+#
+# Also validate that no absolute relocations against global symbols are present
+# in the object files.
 quiet_cmd_vdso_check = VDSOCHK $@
       cmd_vdso_check = if $(READELF) -rW $@ | grep -v _NONE | grep -q " R_\w*_"; \
 		       then (echo >&2 "$@: dynamic relocations are not supported"; \
+			     rm -f $@; /bin/false); fi && \
+		       if $(READELF) -rW $(filter %.o, $(real-prereqs)) | grep -q " R_\w*_ABS.*vdso_u_"; \
+		       then (echo >&2 "$@: absolute relocations are not supported"; \
 			     rm -f $@; /bin/false); fi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ